[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   18.611058] audit: type=1400 audit(1520368596.916:6): avc:  denied  { map } for  pid=4190 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.22' (ECDSA) to the list of known hosts.
syzkaller login: [   26.900301] audit: type=1400 audit(1520368605.206:7): avc:  denied  { map } for  pid=4205 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/03/06 20:36:45 parsed 1 programs
2018/03/06 20:36:45 executed programs: 0
[   27.156742] audit: type=1400 audit(1520368605.462:8): avc:  denied  { map } for  pid=4205 comm="syz-execprog" path="/root/syzkaller-shm705833966" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[   27.171072] IPVS: ftp: loaded support on port[0] = 21
[   27.442670] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   27.801044] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   27.807151] 8021q: adding VLAN 0 to HW filter on device bond0
[   27.846437] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   27.884170] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   27.901751] ==================================================================
[   27.909175] BUG: KASAN: use-after-free in ip6_xmit+0x1f76/0x2260
[   27.915296] Read of size 8 at addr ffff8801b5766a18 by task syz-executor0/4370
[   27.922624] 
[   27.924228] CPU: 1 PID: 4370 Comm: syz-executor0 Not tainted 4.16.0-rc4+ #253
[   27.931470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.940796] Call Trace:
[   27.943359]  dump_stack+0x194/0x24d
[   27.946977]  ? arch_local_irq_restore+0x53/0x53
[   27.951632]  ? show_regs_print_info+0x18/0x18
[   27.956109]  ? ip6_xmit+0x1f76/0x2260
[   27.959886]  print_address_description+0x73/0x250
[   27.964702]  ? ip6_xmit+0x1f76/0x2260
[   27.968474]  kasan_report+0x23c/0x360
[   27.972254]  __asan_report_load8_noabort+0x14/0x20
[   27.977155]  ip6_xmit+0x1f76/0x2260
[   27.980768]  ? ip6_finish_output2+0x23a0/0x23a0
[   27.985412]  ? fl6_update_dst+0x127/0x2b0
[   27.989538]  ? inet6_csk_route_socket+0x691/0xe80
[   27.994355]  ? trace_hardirqs_off+0x10/0x10
[   27.998652]  ? lock_acquire+0x1d5/0x580
[   28.002597]  ? lock_acquire+0x1d5/0x580
[   28.006546]  ? inet6_csk_xmit+0x114/0x580
[   28.010668]  ? trace_hardirqs_off+0x10/0x10
[   28.014975]  ? lock_release+0xa40/0xa40
[   28.018946]  inet6_csk_xmit+0x2fc/0x580
[   28.022894]  ? inet6_csk_update_pmtu+0x160/0x160
[   28.027625]  ? __sk_dst_check+0x1a5/0x380
[   28.031761]  ? sock_kfree_s+0x60/0x60
[   28.035570]  l2tp_xmit_skb+0x105f/0x1410
[   28.039620]  ? l2tp_session_create+0xb80/0xb80
[   28.044176]  ? sock_wmalloc+0x15d/0x1d0
[   28.048127]  ? iov_iter_advance+0x13f0/0x13f0
[   28.052599]  ? pppol2tp_sendmsg+0x41b/0x670
[   28.056895]  pppol2tp_sendmsg+0x470/0x670
[   28.061030]  ? selinux_socket_sendmsg+0x36/0x40
[   28.065678]  ? pppol2tp_getsockopt+0x900/0x900
[   28.070240]  sock_sendmsg+0xca/0x110
[   28.073931]  ___sys_sendmsg+0x767/0x8b0
[   28.077885]  ? copy_msghdr_from_user+0x590/0x590
[   28.082623]  ? __handle_mm_fault+0x5ba/0x38c0
[   28.087108]  ? __pmd_alloc+0x4e0/0x4e0
[   28.090981]  ? trace_hardirqs_off+0x10/0x10
[   28.095287]  ? selinux_socket_setsockopt+0x80/0x80
[   28.100195]  ? lock_release+0xa40/0xa40
[   28.104150]  ? __fget_light+0x2b2/0x3c0
[   28.108103]  ? fget_raw+0x20/0x20
[   28.111563]  ? find_held_lock+0x35/0x1d0
[   28.115622]  __sys_sendmsg+0xe5/0x210
[   28.119395]  ? __sys_sendmsg+0xe5/0x210
[   28.123345]  ? SyS_shutdown+0x290/0x290
[   28.127307]  ? compat_SyS_futex+0x288/0x380
[   28.131654]  compat_SyS_sendmsg+0x2a/0x40
[   28.135791]  ? compat_SyS_getsockopt+0x420/0x420
[   28.140530]  do_fast_syscall_32+0x3ec/0xf9f
[   28.144833]  ? do_int80_syscall_32+0x9c0/0x9c0
[   28.149388]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   28.154121]  ? syscall_return_slowpath+0x2ac/0x550
[   28.159035]  ? prepare_exit_to_usermode+0x350/0x350
[   28.164043]  ? sysret32_from_system_call+0x5/0x3c
[   28.168864]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   28.173688]  entry_SYSENTER_compat+0x70/0x7f
[   28.178069] RIP: 0023:0xf7f24c99
[   28.181403] RSP: 002b:00000000ffa6ec6c EFLAGS: 00000282 ORIG_RAX: 0000000000000172
[   28.189083] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000002037ffc8
[   28.196328] RDX: 0000000000000081 RSI: 0000000000000000 RDI: 0000000000000000
[   28.203567] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   28.210810] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   28.218053] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   28.225313] 
[   28.226921] Allocated by task 4203:
[   28.230525]  save_stack+0x43/0xd0
[   28.233951]  kasan_kmalloc+0xad/0xe0
[   28.237634]  kasan_slab_alloc+0x12/0x20
[   28.241583]  kmem_cache_alloc+0x12e/0x760
[   28.245704]  dst_alloc+0x11f/0x1a0
[   28.249218]  rt_dst_alloc+0xe9/0x520
[   28.252907]  ip_route_output_key_hash_rcu+0xa59/0x2f00
[   28.258157]  ip_route_output_key_hash+0x20b/0x370
[   28.262971]  __ip4_datagram_connect+0xa67/0x1240
[   28.267699]  __ip6_datagram_connect+0x749/0x12d0
[   28.272431]  ip6_datagram_connect+0x2f/0x50
[   28.276736]  inet_dgram_connect+0x16b/0x1f0
[   28.281036]  SYSC_connect+0x213/0x4a0
[   28.284809]  SyS_connect+0x24/0x30
[   28.288324]  do_syscall_64+0x281/0x940
[   28.292184]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   28.297341] 
[   28.298940] Freed by task 0:
[   28.301933]  save_stack+0x43/0xd0
[   28.305357]  __kasan_slab_free+0x11a/0x170
[   28.309560]  kasan_slab_free+0xe/0x10
[   28.313336]  kmem_cache_free+0x83/0x2a0
[   28.317284]  dst_destroy+0x257/0x370
[   28.320969]  dst_destroy_rcu+0x16/0x20
[   28.324832]  rcu_process_callbacks+0xd6c/0x17f0
[   28.329472]  __do_softirq+0x2d7/0xb85
[   28.333242] 
[   28.334846] The buggy address belongs to the object at ffff8801b5766a00
[   28.334846]  which belongs to the cache ip_dst_cache of size 168
[   28.347560] The buggy address is located 24 bytes inside of
[   28.347560]  168-byte region [ffff8801b5766a00, ffff8801b5766aa8)
[   28.359315] The buggy address belongs to the page:
[   28.364219] page:ffffea0006d5d980 count:1 mapcount:0 mapping:ffff8801b5766000 index:0xffff8801b5766000
[   28.373641] flags: 0x2fffc0000000100(slab)
[   28.377850] raw: 02fffc0000000100 ffff8801b5766000 ffff8801b5766000 0000000100000007
[   28.385703] raw: ffffea0006c957e0 ffff8801d5bf5f38 ffff8801d5bf4e00 0000000000000000
[   28.393559] page dumped because: kasan: bad access detected
[   28.399246] 
[   28.400844] Memory state around the buggy address:
[   28.405744]  ffff8801b5766900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.413088]  ffff8801b5766980: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   28.420430] >ffff8801b5766a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.427762]                             ^
[   28.431887]  ffff8801b5766a80: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[   28.439233]  ffff8801b5766b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.446564] ==================================================================
[   28.453898] Disabling lock debugging due to kernel taint
[   28.459358] Kernel panic - not syncing: panic_on_warn set ...
[   28.459358] 
[   28.466707] CPU: 1 PID: 4370 Comm: syz-executor0 Tainted: G    B            4.16.0-rc4+ #253
[   28.475256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.484588] Call Trace:
[   28.487164]  dump_stack+0x194/0x24d
[   28.490772]  ? arch_local_irq_restore+0x53/0x53
[   28.495416]  ? kasan_end_report+0x32/0x50
[   28.499550]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   28.504292]  ? vsnprintf+0x1ed/0x1900
[   28.508070]  ? ip6_xmit+0x1f30/0x2260
[   28.511857]  panic+0x1e4/0x41c
[   28.515043]  ? refcount_error_report+0x214/0x214
[   28.519782]  ? add_taint+0x1c/0x50
[   28.523299]  ? add_taint+0x1c/0x50
[   28.526832]  ? ip6_xmit+0x1f76/0x2260
[   28.530615]  kasan_end_report+0x50/0x50
[   28.534575]  kasan_report+0x149/0x360
[   28.538359]  __asan_report_load8_noabort+0x14/0x20
[   28.543263]  ip6_xmit+0x1f76/0x2260
[   28.546891]  ? ip6_finish_output2+0x23a0/0x23a0
[   28.551534]  ? fl6_update_dst+0x127/0x2b0
[   28.555654]  ? inet6_csk_route_socket+0x691/0xe80
[   28.560468]  ? trace_hardirqs_off+0x10/0x10
[   28.564772]  ? lock_acquire+0x1d5/0x580
[   28.568716]  ? lock_acquire+0x1d5/0x580
[   28.572658]  ? inet6_csk_xmit+0x114/0x580
[   28.576779]  ? trace_hardirqs_off+0x10/0x10
[   28.581077]  ? lock_release+0xa40/0xa40
[   28.585051]  inet6_csk_xmit+0x2fc/0x580
[   28.589002]  ? inet6_csk_update_pmtu+0x160/0x160
[   28.593734]  ? __sk_dst_check+0x1a5/0x380
[   28.597886]  ? sock_kfree_s+0x60/0x60
[   28.601671]  l2tp_xmit_skb+0x105f/0x1410
[   28.605712]  ? l2tp_session_create+0xb80/0xb80
[   28.610265]  ? sock_wmalloc+0x15d/0x1d0
[   28.614215]  ? iov_iter_advance+0x13f0/0x13f0
[   28.618682]  ? pppol2tp_sendmsg+0x41b/0x670
[   28.622977]  pppol2tp_sendmsg+0x470/0x670
[   28.627098]  ? selinux_socket_sendmsg+0x36/0x40
[   28.631743]  ? pppol2tp_getsockopt+0x900/0x900
[   28.636298]  sock_sendmsg+0xca/0x110
[   28.639986]  ___sys_sendmsg+0x767/0x8b0
[   28.643936]  ? copy_msghdr_from_user+0x590/0x590
[   28.648670]  ? __handle_mm_fault+0x5ba/0x38c0
[   28.653140]  ? __pmd_alloc+0x4e0/0x4e0
[   28.657000]  ? trace_hardirqs_off+0x10/0x10
[   28.661310]  ? selinux_socket_setsockopt+0x80/0x80
[   28.666210]  ? lock_release+0xa40/0xa40
[   28.670159]  ? __fget_light+0x2b2/0x3c0
[   28.674105]  ? fget_raw+0x20/0x20
[   28.677536]  ? find_held_lock+0x35/0x1d0
[   28.681586]  __sys_sendmsg+0xe5/0x210
[   28.685357]  ? __sys_sendmsg+0xe5/0x210
[   28.689299]  ? SyS_shutdown+0x290/0x290
[   28.693247]  ? compat_SyS_futex+0x288/0x380
[   28.697552]  compat_SyS_sendmsg+0x2a/0x40
[   28.701670]  ? compat_SyS_getsockopt+0x420/0x420
[   28.706412]  do_fast_syscall_32+0x3ec/0xf9f
[   28.710708]  ? do_int80_syscall_32+0x9c0/0x9c0
[   28.715259]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   28.719986]  ? syscall_return_slowpath+0x2ac/0x550
[   28.724890]  ? prepare_exit_to_usermode+0x350/0x350
[   28.729880]  ? sysret32_from_system_call+0x5/0x3c
[   28.734696]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   28.739513]  entry_SYSENTER_compat+0x70/0x7f
[   28.743894] RIP: 0023:0xf7f24c99
[   28.747229] RSP: 002b:00000000ffa6ec6c EFLAGS: 00000282 ORIG_RAX: 0000000000000172
[   28.754908] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000002037ffc8
[   28.762148] RDX: 0000000000000081 RSI: 0000000000000000 RDI: 0000000000000000
[   28.769390] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   28.776631] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   28.783873] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   28.791545] Dumping ftrace buffer:
[   28.795057]    (ftrace buffer empty)
[   28.798738] Kernel Offset: disabled
[   28.802336] Rebooting in 86400 seconds..